
Mobile Device Security Policies

What are Mobile Device Security Policies?

Smartphones and other mobile devices are increasingly being used to conduct business, which means that businesses need to adopt policies aimed at protecting their organization's data security and privacy, no matter where that information is being accessed. To give employees the information and knowledge they need to do business securely on mobile devices, it is recommended that organizations develop clear security policies for employees to follow. The following are recommended mobile device security policies [1]:

Encryption policies. Establish a policy where confidential data can’t be stored on any devices that lack encryption. Policies could also ban the storage of confidential data on any mobile device. Consider policies that require users to encrypt data before they store it.

Password security policies. Establish policies that require passwords be reset every 90 days, and that those passwords are strong, with sufficient length and a combination of elements. Two-factor authentication requirements can also help to increase security. Consider adding a policy that passwords and PINs must never be shared, or that lock screen passcodes must be used.

Acceptable use. An acceptable use policy can establish where and when employees are permitted to connect their mobile devices to the company’s network. Acceptable use policies may also specify responsibilities for users who use their own mobile devices for business purposes, such as policies regarding the use of public Wi-Fi, the use of applications, and technical requirements.

Updates. Consider offering guidelines or policies for regularly updating software and operating systems, to ensure that all devices, especially employee-owned devices, are updated with the latest security patches.

Training policies. Establish policies requiring employees to undergo regular training on cybersecurity threats and on mobile device security practices and policies, such as device security, data encryption, and password management.

Along with policies, regular guidance and training on best practices can help employees to use their mobile devices more securely, both inside and outside of work. The following are best practices for mobile device management:

  • Use anti-virus software
  • Do not use rooted devices
  • Avoid public Wi-Fi and USB ports
  • Back up regularly
  • Avoid saving passwords
  • Enable remote device location and remote wipe
  • Log phone data, such as the mobile device’s serial number and Wi-Fi MAC address
  • Turn off Bluetooth when not in use
  • Be aware of social engineering techniques for mobile
  • Do not leave devices unattended
  • Use firewalls
  • Report lost or stolen devices immediately

[1] Hightower, 2023, “Mobile device security in the workplace: five policies you must have”